[CLSA-2026:1776782592] nodejs: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-21 14:43:16 UTC
Description:
- CVE-2026-26996: fix ReDoS in bundled minimatch caused by consecutive non-globstar * characters, by coalescing them during pattern compilation - CVE-2026-27904: fix ReDoS in bundled minimatch from nested extglobs and multiple non-adjacent ** wildcards, by limiting globstar recursion
Updated packages:
  • nodejs-16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:5dd9fc6d7e1042001fdc1569e92b2a79371b7cc5d19c594cfc354857d99311db
  • nodejs-devel-16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:f4985091c489cf5582d3b07dba94dc73fd9eed49e382a17bd87b868a7f6079b8
  • nodejs-docs-16.20.2-8.el9_2.tuxcare.els11.noarch.rpm
    sha:63cd7f7a5387ceabb7c547e7cc7e07bb5da3ccab24d379d52a0175830d47b27a
  • nodejs-full-i18n-16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:95dd774d74aee6a468dd5cce45390e96cc928a531337c10567160fbbfc5e1b05
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els11.i686.rpm
    sha:1b0766d93f4f974c645f882e272786ae8a739e0eac94c4502a6a8644deea8745
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:a0cbe43323658563f939795624391222fb2ca6ddde9a54c8c974bc14e30ecd87
  • npm-8.19.4_1.16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:4a4ab8d03e9331cb520c809b672484b59691b73efaa93f2d0c654a908d303951
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els11.x86_64.rpm
    sha:aacbf9083d8f630bc1c168de40ae9c365336b3e957f095f4ed925fe803fc7dd0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.